With users relying entirely on the app store's curation process for security and a relatively low interest from the computer security community on the platform, I'd bet there are a lot of apps doing shady stuff with iOS users' personal data right now.

This isn't even the first time they've found it... functionally, the app does nothing that the Facebook app doesn't do, except for forge your SMS credentials. I doubt Apple's going to be pulling the Facebook integration from iOS 6 though....

One way to stop the proliferation of malware in these so-called app stores is to not allow the submission of binaries. Force the author to submit source code instead so it can be audited and then have Apple build the binaries. Apple could then put the binary through its paces to see how it behaves. I'm not necessarily advocating this method because there are multiple points for abuse but it is one way to thwart the problem. It would force the would-be malware writers to innovate and adapt and that would not be easily done.